Copyright, Code and Creativity

A Note of Caution About DRM in JPEG
Jeremy Malcolm
JPEG Workshop, Brussels
October 13, 2015

JPEG, October 13, 2015

Outline

Problems with DRM
Technical and Security Problems
Legal and Social Problems
Alternatives to DRM
Technical and Security Alternatives
Legal and Social Alternatives

Copyright, Code and Creativity

Jeremy Malcolm

eﬀ.org

2

JPEG, October 13, 2015

Introduction
• Some of the proposals for the JPEG Privacy & Security

activity threaten to create a form of DRM for images

Copyright, Code and Creativity

Jeremy Malcolm

eﬀ.org

3

JPEG, October 13, 2015

Introduction
• Some of the proposals for the JPEG Privacy & Security

activity threaten to create a form of DRM for images
• This would not be eﬀective at protecting intellectual

property rights in images and would have unwanted
side-eﬀects

Copyright, Code and Creativity

Jeremy Malcolm

eﬀ.org

4

JPEG, October 13, 2015

Introduction
• Some of the proposals for the JPEG Privacy & Security

activity threaten to create a form of DRM for images
• This would not be eﬀective at protecting intellectual

property rights in images and would have unwanted
side-eﬀects
• Most other objectives of the JPEG Privacy & Security

activity can be achieved without resorting to DRM

Copyright, Code and Creativity

Jeremy Malcolm

eﬀ.org

5

JPEG, October 13, 2015

Problems with DRM
Alternatives to DRM

Copyright, Code and Creativity

Jeremy Malcolm

eﬀ.org

6

JPEG, October 13, 2015

Cryptographers Don’t Believe That DRM Works

“Digital ﬁles cannot be made uncopyable, any more
than water can be made not wet.”
— Bruce Schneier
• To allow use of DRM-protected works requires

distributing both the “lock” and the “key” to the user
• It only ever takes time for the key to be extracted!

Copyright, Code and Creativity

Jeremy Malcolm

eﬀ.org

7

JPEG, October 13, 2015

Cryptographers Don’t Believe That DRM Works
“Digital ﬁles cannot be made uncopyable, any more
than water can be made not wet.”
— Bruce Schneier
• To allow use of DRM-protected works requires

distributing both the “lock” and the “key” to the user
• It only ever takes time for the key to be extracted!
• At worst, the analog hole can always be used

Copyright, Code and Creativity

Jeremy Malcolm

eﬀ.org

8

JPEG, October 13, 2015

Cryptographers Don’t Believe That DRM Works

Copyright, Code and Creativity

Jeremy Malcolm

eﬀ.org

9

JPEG, October 13, 2015

DRM Does Not Map Cleanly To Legal Rights
• Does not account for

copyright limitations such as
fair dealing, fair use and
quotation

Copyright, Code and Creativity

Jeremy Malcolm

eﬀ.org

10

JPEG, October 13, 2015

DRM Does Not Map Cleanly To Legal Rights
• Does not account for

copyright limitations such as
fair dealing, fair use and
quotation
• Allows anti-competitive

conduct like region coding

Copyright, Code and Creativity

Jeremy Malcolm

eﬀ.org

11

JPEG, October 13, 2015

DRM Does Not Map Cleanly To Legal Rights
• Does not account for

copyright limitations such as
fair dealing, fair use and
quotation
• Allows anti-competitive

conduct like region coding
• Even archives often (wrongly)

claim copyright-like rights in
public domain images

Copyright, Code and Creativity

Jeremy Malcolm

eﬀ.org

12

JPEG, October 13, 2015

DRM Doesn’t Achieve Standardization Goals
DRM does not actually protect media, but it does:
• Restrict media from being used with free and open

source tools.
• Make interoperability more diﬃcult to engineer.
• Expose coders and researchers to additional legal risk.
• Extend a bad precedent for the extension of DRM to

other forms of digital content.

Copyright, Code and Creativity

Jeremy Malcolm

eﬀ.org

13

JPEG, October 13, 2015

DRM Doesn’t Achieve Standardization Goals
DRM does not actually protect media, but it does:
• Restrict media from being used with free and open

source tools.
• Make interoperability more diﬃcult to engineer.
• Expose coders and researchers to additional legal risk.
• Extend a bad precedent for the extension of DRM to

other forms of digital content.
EME standardization at W3C
EME has not produced a reliable solution – it’s a
support/implementation nightmare that members can’t
make sense of.
Copyright, Code and Creativity

Jeremy Malcolm

eﬀ.org

14

JPEG, October 13, 2015

DRM Reduces the Value of Content
Apple TV 2, with lower specs than Apple TV 3, sells for three times as much

Copyright, Code and Creativity

Jeremy Malcolm

eﬀ.org

15

JPEG, October 13, 2015

DRM Reduces the Value of Content
Apple TV 2, with lower specs than Apple TV 3, sells for three times as much

Copyright, Code and Creativity

Jeremy Malcolm

eﬀ.org

16

JPEG, October 13, 2015

Exposure to Liability for Vulnerability Reporting
• Anti-circumvention laws threaten liability for those

reporting vulnerabilities in DRM implementations

Copyright, Code and Creativity

Jeremy Malcolm

eﬀ.org

17

JPEG, October 13, 2015

Exposure to Liability for Vulnerability Reporting
• Anti-circumvention laws threaten liability for those

ﬁnd their way into so many products and UIs
Public health and safety
If your pacemaker’s app uses JPEG icons, it could potentially
criminalize vulnerability reporting
• The end-result: long-lived critical vulnerabilities that are

DMCA for speaking at DEF CON about breaking e-book
encryption (even though this was legal in Russia!)

Copyright, Code and Creativity

Jeremy Malcolm

eﬀ.org

21

JPEG, October 13, 2015

DRM is Out of Step With Emerging Policy Norms
• 2014 OECD recommendation requires disclosure of

“any technical measures that have been put in place,
including any eﬀects that these measures may have on
product or device usage.”

Copyright, Code and Creativity

Jeremy Malcolm

eﬀ.org

22

JPEG, October 13, 2015

DRM is Out of Step With Emerging Policy Norms
• 2014 OECD recommendation requires disclosure of

“any technical measures that have been put in place,
including any eﬀects that these measures may have on
product or device usage.”
• July 2015 European Parliament report emphasizes

problems with “portability and geoblocking” and notes
that “lack of interoperability hampers innovation,
reduces competition and harms the consumer”.

Copyright, Code and Creativity

Jeremy Malcolm

eﬀ.org

23

JPEG, October 13, 2015

DRM is Out of Step With Emerging Policy Norms
• 2014 OECD recommendation requires disclosure of

“any technical measures that have been put in place,
including any eﬀects that these measures may have on
product or device usage.”
• July 2015 European Parliament report emphasizes

problems with “portability and geoblocking” and notes
that “lack of interoperability hampers innovation,
reduces competition and harms the consumer”.
The bottom line:
DRM is considered antithetical to the public interest
Copyright, Code and Creativity

Jeremy Malcolm

eﬀ.org

24

JPEG, October 13, 2015

Problems with DRM
Alternatives to DRM

Copyright, Code and Creativity

Jeremy Malcolm

eﬀ.org

25

JPEG, October 13, 2015

Cryptography
• Many use cases for JPEG Privacy & Security only require

signing not encrypting metadata
• Integrity of an original version of the image
• Tracking of modiﬁcations
• Integrity of the metadata (date, copyright)

• For encryption of the entire image ﬁle to prevent access,

common container formats for this exist already
• For encryption of plain text metadata only, this can be

done without locking the whole image

Copyright, Code and Creativity

Jeremy Malcolm

eﬀ.org

26

JPEG, October 13, 2015

Rights Management Information
• Even without technical protection for metadata, the law